[Bug 1267393] Re: [MIR] juju-core, juju-mongodb

Thu Jan 9 09:51:42 UTC 2014

** Description changed:

- TBC
+ >> juju-mongodb <<
+ 
+ Availability
+ ------------
+ 
+ In universe, available on all required architectures (x86, armhf, arm64,
+ ppc64el).
+ 
+ Rationale
+ ---------
+ 
+ MongoDB is a dependency for operating a Juju deployed Ubuntu
+ environment.
+ 
+ Security
+ --------
+ 
+ MongoDB has had some CVE's in the past, related to the use of the V8 and
+ Spidermonkey Javascript engine in the Mongo Shell; however juju-mongodb
+ builds without support for Javascript scripting, avoiding the historic
+ CVE's (which where fixed upstream anyway).
+ 
+ Quality assurance
+ -----------------
+ 
+ Package installs cleanly, package build process runs upstream smoke
+ tests (minus jstests due to disabling javascript support).   Tests pass
+ on all architectures.
+ 
+ Dependencies
+ ------------
+ 
+ All in main already
+ 
+ Standards compliance
+ --------------------
+ 
+ OK (well is scons but we won't hold that against it)
+ 
+ Maintenance
+ -----------
+ 
+ Upstream MongoDB run stable releases with point updates; its intended
+ that a MRE is applied for this package so point releases can be pushed
+ as SRU's.
+ 
+ Its also possible that we might need to bump a major version (2.4.x ->
+ 2.6.x); as this package is specific to Juju, we can constrain the impact
+ and regression testing to Juju only.
+ 
+ Background information
+ ----------------------
+ 
+ Why a separate package? it was agreed at the last vUDS that having a
+ separate package allows us to limit a) use of v8 (disabled) which was a
+ security concern and b) allows us to potentially update at a later date
+ if need be only impacting juju itself.
+ 
+ >> juju-core <<
+ 
+ Availability
+ ------------
+ 
+ In universe, not yet available on arm64 or ppc64el.
+ 
+ Rationale
+ ---------
+ 
+ Juju is the recommended service orchestration tool for Ubuntu; as such
+ it really needs to be a core part of Ubuntu.
+ 
+ Security
+ --------
+ 
+ No security history, but it was agreed that a security review would be
+ undertaken as part of the MIR process.
+ 
+ Quality assurance
+ -----------------
+ 
+ No tests are run as part of the package build process; however upstream
+ do run these tests for all target series (12.04 -> 14.04) prior to
+ release so the overall quality of the codebase it pretty good.
+ 
+ The package has some basic DEP-8 tests that bootstrap a local Juju
+ environment to ensure everything hangs together OK.
+ 
+ Dependencies
+ ------------
+ 
+ juju-mongodb (see above)
+ golang or gccgo TBC
+ 
+ Currently all required go dependencies are snapshotted at specific
+ upstream commits and bundled with Juju.
+ 
+ Standards compliance
+ --------------------
+ 
+ OK
+ 
+ Maintenance
+ -----------
+ 
+ Upstream Juju team intend to manage stable point releases against the
+ version shipped in 14.04.  Ubuntu Server team will own the package in
+ distro.
+ 
+ Background information
+ ----------------------
+ 
+ Some decisions still need to be made, mainly around toolchain.
+ Specifically the aim is to support a single Go toolchain in Ubuntu main
+ for all architectures; golang-go does not support arm64 or ppc64el yet,
+ whereas the gccgo implementation does.
+ 
+ Required changes to support gccgo have been upstreamed into the Juju
+ codebase.

** Changed in: juju-core (Ubuntu)
       Status: New => Incomplete

** Changed in: juju-mongodb (Ubuntu)
   Importance: Undecided => High

** Changed in: juju-core (Ubuntu)
   Importance: Undecided => High

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to juju-core in Ubuntu.
https://bugs.launchpad.net/bugs/1267393

Title:
  [MIR] juju-core, juju-mongodb

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/juju-core/+bug/1267393/+subscriptions